This is an archive of the discontinued LLVM Phabricator instance.

[DebugInfo] Fix infinite loop caused by reading past debug_line end
ClosedPublic

Authored by jhenderson on Jan 6 2020, 8:42 AM.

Download Raw Diff

Details

Reviewers

MaskRay
ikudrin
dblaikie
JDevlieghere
probinson

Commits

rG216796f234c7: [DebugInfo] Fix infinite loop caused by reading past debug_line end

Summary

If the claimed unit length of a debug line program is such that the line table would finish past the end of the .debug_line section, an infinite loop occurs because the data extractor will continue to "read" zeroes without changing the offset. This previously didn't hit an error because the line table program handles a series of zeroes as a bad extended opcode.

This patch fixes the inifinite loop and adds a warning if the program doesn't fit in the available data.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

jhenderson created this revision.Jan 6 2020, 8:42 AM

Herald added a project: Restricted Project. · View Herald TranscriptJan 6 2020, 8:42 AM

Herald added a subscriber: hiraditya. · View Herald Transcript

LGTM. Thanks for fixing this!

This revision is now accepted and ready to land.Jan 6 2020, 10:15 AM

Closed by commit rG216796f234c7: [DebugInfo] Fix infinite loop caused by reading past debug_line end (authored by jhenderson). · Explain WhyJan 7 2020, 2:27 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

llvm/

lib/

DebugInfo/

DWARF/

DWARFDebugLine.cpp

19 lines

unittests/

DebugInfo/

DWARF/

DWARFDebugLineTest.cpp

29 lines

Diff 236539

llvm/lib/DebugInfo/DWARF/DWARFDebugLine.cpp

Show First 20 Lines • Show All 522 Lines • ▼ Show 20 Lines	if (OS) {
DIDumpOptions DumpOptions;		DIDumpOptions DumpOptions;
DumpOptions.Verbose = true;		DumpOptions.Verbose = true;
Prologue.dump(*OS, DumpOptions);		Prologue.dump(*OS, DumpOptions);
}		}

if (PrologueErr)		if (PrologueErr)
return PrologueErr;		return PrologueErr;

const uint64_t EndOffset =		uint64_t ProgramLength = Prologue.TotalLength + Prologue.sizeofTotalLength();
DebugLineOffset + Prologue.TotalLength + Prologue.sizeofTotalLength();		if (!DebugLineData.isValidOffsetForDataOfSize(DebugLineOffset,
		ProgramLength)) {
		assert(DebugLineData.size() > DebugLineOffset &&
		"prologue parsing should handle invalid offset");
		uint64_t BytesRemaining = DebugLineData.size() - DebugLineOffset;
		RecoverableErrorCallback(
		createStringError(errc::invalid_argument,
		"line table program with offset 0x%8.8" PRIx64
		" has length 0x%8.8" PRIx64 " but only 0x%8.8" PRIx64
		" bytes are available",
		DebugLineOffset, ProgramLength, BytesRemaining));
		// Continue by capping the length at the number of remaining bytes.
		ProgramLength = BytesRemaining;
		}

		const uint64_t EndOffset = DebugLineOffset + ProgramLength;

// See if we should tell the data extractor the address size.		// See if we should tell the data extractor the address size.
if (DebugLineData.getAddressSize() == 0)		if (DebugLineData.getAddressSize() == 0)
DebugLineData.setAddressSize(Prologue.getAddressSize());		DebugLineData.setAddressSize(Prologue.getAddressSize());
else		else
assert(Prologue.getAddressSize() == 0 \|\|		assert(Prologue.getAddressSize() == 0 \|\|
Prologue.getAddressSize() == DebugLineData.getAddressSize());		Prologue.getAddressSize() == DebugLineData.getAddressSize());

▲ Show 20 Lines • Show All 624 Lines • Show Last 20 Lines

llvm/unittests/DebugInfo/DWARF/DWARFDebugLineTest.cpp

Show First 20 Lines • Show All 432 Lines • ▼ Show 20 Lines	TEST_F(DebugLineBasicFixture, ErrorForInvalidExtendedOpcodeLength) {

generate();		generate();

checkGetOrParseLineTableEmitsFatalError(		checkGetOrParseLineTableEmitsFatalError(
"unexpected line op length at offset "		"unexpected line op length at offset "
"0x00000030 expected 0x02 found 0x01");		"0x00000030 expected 0x02 found 0x01");
}		}

		TEST_F(DebugLineBasicFixture, ErrorForUnitLengthTooLarge) {
		if (!setupGenerator())
		return;

		LineTable &Padding = Gen->addLineTable();
		// Add some padding to show that a non-zero offset is handled correctly.
		Padding.setCustomPrologue({{0, LineTable::Byte}});
		LineTable &LT = Gen->addLineTable();
		LT.addStandardOpcode(DW_LNS_copy, {});
		LT.addStandardOpcode(DW_LNS_const_add_pc, {});
		LT.addExtendedOpcode(1, DW_LNE_end_sequence, {});
		DWARFDebugLine::Prologue Prologue = LT.createBasicPrologue();
		// Set the total length to 1 higher than the actual length. The program body
		// has size 5.
		Prologue.TotalLength += 6;
		LT.setPrologue(Prologue);

		generate();

		auto ExpectedLineTable = Line.getOrParseLineTable(LineData, 1, *Context,
		nullptr, RecordRecoverable);
		checkError("line table program with offset 0x00000001 has length 0x00000034 "
		"but only 0x00000033 bytes are available",
		std::move(Recoverable));
		ASSERT_THAT_EXPECTED(ExpectedLineTable, Succeeded());
		EXPECT_EQ((*ExpectedLineTable)->Rows.size(), 2u);
		EXPECT_EQ((*ExpectedLineTable)->Sequences.size(), 1u);
		}

TEST_F(DebugLineBasicFixture, ErrorForMismatchedAddressSize) {		TEST_F(DebugLineBasicFixture, ErrorForMismatchedAddressSize) {
if (!setupGenerator())		if (!setupGenerator())
return;		return;

LineTable &LT = Gen->addLineTable();		LineTable &LT = Gen->addLineTable();
// The line data extractor expects size 8 (Quad) addresses.		// The line data extractor expects size 8 (Quad) addresses.
LT.addExtendedOpcode(5, DW_LNE_set_address, {{0x11223344, LineTable::Long}});		LT.addExtendedOpcode(5, DW_LNE_set_address, {{0x11223344, LineTable::Long}});
LT.addStandardOpcode(DW_LNS_copy, {});		LT.addStandardOpcode(DW_LNS_copy, {});
▲ Show 20 Lines • Show All 284 Lines • Show Last 20 Lines